Skip to main content
CVE-2015-7974 HIGH POC THREAT Act Now

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

Authentication Bypass Ntp Tim 4R Ie Firmware Tim 4R Ie Dnp3 Firmware Clustered Data Ontap +2
NVD
CVSS 3.1
7.7
EPSS
10.7%
CVE-2015-8379 HIGH POC PATCH This Week

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Cakephp
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1567 HIGH POC PATCH This Week

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Chrony
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-1926 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Greenbone Security Assistant Greenbone Os Fedora
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-1491 HIGH This Week

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Lenovo Authentication Bypass Shareit
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2016-1489 HIGH This Week

Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network. Rated high severity (CVSS 8.0), this vulnerability is no authentication required. No vendor patch available.

Lenovo Google Information Disclosure Microsoft Shareit
NVD
CVSS 3.0
8.0
EPSS
0.6%
CVE-2016-1233 HIGH This Week

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Debian Privilege Escalation Fuse
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1492 MEDIUM This Month

The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Lenovo Google Authentication Bypass Shareit
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2015-6337 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Application Policy Infrastructure Controller Enterprise Module
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1298 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-0869 MEDIUM PATCH This Month

Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Promotic
NVD
CVSS 3.0
5.0
EPSS
0.1%
CVE-2016-1490 MEDIUM This Month

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Microsoft Shareit
NVD
CVSS 3.0
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy